Access to encryption technology, the growth of cloud services, and the Internet of Things pose challenges to the way the Australian Federal Police (AFP) investigates both traditional and online criminal activity.
Speaking at the CeBIT GovInnovate conference in Canberra on Wednesday, AFP assistant commissioner and national manager for high-tech crime operations Tim Morris said that in the past, digital forensic investigation within the AFP simply involved seizing a desktop at the time of acting on a warrant. But now, there are many more devices that the law-enforcement agency needs to obtain in order to investigate crimes.
"Most households have three or four tablets, maybe one desktop, your smartphones. A lot of data is seized in very straightforward investigations, let alone cyber investigations," he said.
"[It is] huge amounts to go through. Our friends at Apple and Google have probably not helped the situation hugely by introducing operating systems that forensics unfortunately cannot look at."
Both Google and Apple have pledged to have their devices locked with end-to-end encryption by default. In iOS 8, Apple leaves the encryption keys with the customer, something that Google has also promised to do in the future.
The companies said this means that, even under a court order from the US government, they would not be able to decrypt the personal data held, such as emails, text messages, and photos.
Morris' comments echoed those of FBI director James Comey, who said in October that encryption could have "very serious consequences" for law enforcement.
Morris indicated that the growth in the number of devices also means that the AFP has to consider what data it is collecting as part of investigations.
"The very nature of what we do, the Internet of Things, means more computing in more different places," he said.
"That's just going to get more and more complicated for us, as you can just imagine the digital forensics team seizing a fridge and having a look at it. Or a toaster."
He said that data sovereignty is also an issue, with more of the data the AFP wants access to now stored in the cloud — and if the storage is outside of Australia, it could take much more time to get access to the data.
"It ain't here, it's out there. And out there could be anywhere in the world. And that's a challenge for us. That means the only way we can get that back again is through mutual legal assistance. It can take a month, it could take two years," he said.
Morris backed the Australian government's legislation to require telecommunications companies to retain customer data for two years for the purposes of criminal law enforcement. He said that establishing the identity of a criminal through information such as metadata is fundamental to the AFP's role.
"It is becoming increasingly difficult in an environment where criminal elements are using what is largely commercial off-the-shelf technologies to communicate in order to obfuscate their identity," he said.
"Why law-enforcement and intelligence agencies are being so vocal is because if you remove this basic foundation of attribution, there won't be even a chance of criminal prosecution."
Morris said the so-called Five Eyes alliance, made up of the intelligence agencies of the UK, Australia, New Zealand, the US, and Canada, had been "a huge boon" for the AFP for technology and intelligence transfer, and said that the AFP had worked closely with the FBI and other agencies in bringing down the GameOver Zeus botnet earlier this year.
"A few goes had been had at removing GameOver Zeus unsuccessfully, so in concert with other international agencies, the AFP worked with two Australian internet service providers to block their customers from connecting outbound and inbound to several thousand domain names that were used to update the malware," he said.
The AFP had used a controversial power in the Telecommunications Act to request internet service providers to block websites. The parliament is currently reviewing this power. Morris said that the GameOver Zeus operation was an example of law-enforcement collaboration that protected Australian citizens from further compromise.
"It effectively rendered the malware useless in Australia," he said.